{"id":"https://openalex.org/W7124168374","doi":"https://doi.org/10.1109/icpads67057.2025.11323077","title":"Detecting and Characterizing APT Attacks in the Open World","display_name":"Detecting and Characterizing APT Attacks in the Open World","publication_year":2025,"publication_date":"2025-12-14","ids":{"openalex":"https://openalex.org/W7124168374","doi":"https://doi.org/10.1109/icpads67057.2025.11323077"},"language":null,"primary_location":{"id":"doi:10.1109/icpads67057.2025.11323077","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icpads67057.2025.11323077","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 31th International Conference on Parallel and Distributed Systems (ICPADS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123001852","display_name":"Hao Xi","orcid":null},"institutions":[{"id":"https://openalex.org/I4210110997","display_name":"Ministry of Education","ror":"https://ror.org/01xexqx38","country_code":"ME","type":"government","lineage":["https://openalex.org/I4210110997"]}],"countries":["ME"],"is_corresponding":true,"raw_author_name":"Hao Xi","raw_affiliation_strings":["Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China","institution_ids":["https://openalex.org/I4210110997"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123027048","display_name":"Yibin Han","orcid":null},"institutions":[{"id":"https://openalex.org/I4210126257","display_name":"CRRC (China)","ror":"https://ror.org/033g21894","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210126257"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yibin Han","raw_affiliation_strings":["CRRC Corporation Limited,Beijing,China"],"affiliations":[{"raw_affiliation_string":"CRRC Corporation Limited,Beijing,China","institution_ids":["https://openalex.org/I4210126257"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123001236","display_name":"Xiaoxiang Li","orcid":null},"institutions":[{"id":"https://openalex.org/I4210110997","display_name":"Ministry of Education","ror":"https://ror.org/01xexqx38","country_code":"ME","type":"government","lineage":["https://openalex.org/I4210110997"]}],"countries":["ME"],"is_corresponding":false,"raw_author_name":"Xiaoxiang Li","raw_affiliation_strings":["Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China","institution_ids":["https://openalex.org/I4210110997"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122998217","display_name":"Jingwei Song","orcid":null},"institutions":[{"id":"https://openalex.org/I4210126257","display_name":"CRRC (China)","ror":"https://ror.org/033g21894","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210126257"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jingwei Song","raw_affiliation_strings":["CRRC Corporation Limited,Beijing,China"],"affiliations":[{"raw_affiliation_string":"CRRC Corporation Limited,Beijing,China","institution_ids":["https://openalex.org/I4210126257"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123034509","display_name":"Zhenwei Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210126257","display_name":"CRRC (China)","ror":"https://ror.org/033g21894","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210126257"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenwei Zhang","raw_affiliation_strings":["CRRC Corporation Limited,Beijing,China"],"affiliations":[{"raw_affiliation_string":"CRRC Corporation Limited,Beijing,China","institution_ids":["https://openalex.org/I4210126257"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100505799","display_name":"Hai WAN","orcid":null},"institutions":[{"id":"https://openalex.org/I4210110997","display_name":"Ministry of Education","ror":"https://ror.org/01xexqx38","country_code":"ME","type":"government","lineage":["https://openalex.org/I4210110997"]}],"countries":["ME"],"is_corresponding":false,"raw_author_name":"Hai Wan","raw_affiliation_strings":["Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China","institution_ids":["https://openalex.org/I4210110997"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100773043","display_name":"Xibin Zhao","orcid":"https://orcid.org/0000-0002-6168-7016"},"institutions":[{"id":"https://openalex.org/I4210110997","display_name":"Ministry of Education","ror":"https://ror.org/01xexqx38","country_code":"ME","type":"government","lineage":["https://openalex.org/I4210110997"]}],"countries":["ME"],"is_corresponding":false,"raw_author_name":"Xibin Zhao","raw_affiliation_strings":["Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University,Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS),Beijing,China","institution_ids":["https://openalex.org/I4210110997"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5123001852"],"corresponding_institution_ids":["https://openalex.org/I4210110997"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.69068453,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9365000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9365000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.014399999752640724,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.00570000009611249,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6342999935150146},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5231999754905701},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5142999887466431},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.43880000710487366},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.41200000047683716},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.36649999022483826},{"id":"https://openalex.org/keywords/data-set","display_name":"Data set","score":0.35199999809265137},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.3499000072479248}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7159000039100647},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6342999935150146},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5231999754905701},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5142999887466431},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47380000352859497},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.44020000100135803},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.43880000710487366},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4214000105857849},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.41200000047683716},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.36649999022483826},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.35690000653266907},{"id":"https://openalex.org/C58489278","wikidata":"https://www.wikidata.org/wiki/Q1172284","display_name":"Data set","level":2,"score":0.35199999809265137},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3499000072479248},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.3395000100135803},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.32829999923706055},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.32829999923706055},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.2883000075817108},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.28610000014305115},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.28600001335144043},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2554999887943268},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.25029999017715454}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icpads67057.2025.11323077","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icpads67057.2025.11323077","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 31th International Conference on Parallel and Distributed Systems (ICPADS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6130079652","display_name":null,"funder_award_id":"2023YFB3307500","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G989822221","display_name":null,"funder_award_id":"62021002,6212780016","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W572355794","https://openalex.org/W2119880843","https://openalex.org/W2132791018","https://openalex.org/W2159357881","https://openalex.org/W2194775991","https://openalex.org/W2520774990","https://openalex.org/W2767094836","https://openalex.org/W2797283471","https://openalex.org/W2905049115","https://openalex.org/W2910711617","https://openalex.org/W2928842143","https://openalex.org/W2928980918","https://openalex.org/W2958285686","https://openalex.org/W2962703433","https://openalex.org/W2963149653","https://openalex.org/W2963924212","https://openalex.org/W2978956219","https://openalex.org/W2986944522","https://openalex.org/W3005127313","https://openalex.org/W3006711782","https://openalex.org/W3014616698","https://openalex.org/W3020434223","https://openalex.org/W3193327991","https://openalex.org/W3200583622","https://openalex.org/W3210911509","https://openalex.org/W4255411440","https://openalex.org/W4324007053","https://openalex.org/W4402288718"],"related_works":[],"abstract_inverted_index":{"The":[0],"Intrusion":[1],"Detection":[2],"System":[3],"(IDS)":[4],"is":[5,21],"an":[6,149],"essential":[7],"component":[8],"of":[9,24,35,130,151],"cybersecurity":[10],"for":[11,122,178],"Advanced":[12],"Persistent":[13],"Threat":[14],"(APT)":[15],"defense.":[16],"A":[17],"successful":[18],"APT":[19,97,166],"attack":[20,167],"a":[22,81,100,107,164],"series":[23],"tactics":[25],"aimed":[26],"at":[27],"achieving":[28],"specific":[29,96],"goals.":[30],"Due":[31],"to":[32,41,68,87,95,115],"the":[33,69,127],"versatility":[34],"these":[36],"tactics,":[37],"IDS":[38,50],"must":[39],"respond":[40],"numerous":[42],"novel":[43],"and":[44,64,92,106,118,141,154],"previously":[45],"unobserved":[46],"attacks.":[47,160],"However,":[48],"traditional":[49],"systems":[51],"are":[52],"ineffective":[53],"in":[54,132],"defending":[55],"against":[56],"unknown":[57,90],"attacks,":[58],"as":[59],"they":[60],"assume":[61],"that":[62,145],"training":[63],"real":[65],"data":[66],"belong":[67],"same":[70],"distribution.":[71],"To":[72],"tackle":[73],"this":[74],"problem,":[75],"we":[76,162],"introduce":[77],"OpenSentinel,":[78],"which":[79,174],"leverages":[80],"deep":[82],"open":[83],"set":[84],"recognition":[85],"method":[86,147],"effectively":[88],"detect":[89],"attacks":[91,117],"pinpoint":[93],"them":[94],"stages.":[98],"With":[99],"specially":[101],"designed":[102],"log":[103],"modeling":[104],"approach":[105],"neural":[108],"network":[109],"model,":[110],"OpenSentinel":[111,131],"generates":[112],"human-readable":[113],"reports":[114],"characterize":[116],"facilitate":[119],"further":[120],"analysis":[121],"security":[123],"experts.":[124],"We":[125],"validate":[126],"detection":[128],"performance":[129],"two":[133],"experimental":[134],"environments":[135],"with":[136,169],"over":[137,152],"100":[138],"scenarios.":[139],"Qualitative":[140],"quantitative":[142],"results":[143],"demonstrate":[144],"our":[146],"achieves":[148],"accuracy":[150],"90%":[153],"remains":[155],"robust":[156],"when":[157],"facing":[158],"real-world":[159],"Meanwhile,":[161],"developed":[163],"benchmark":[165],"dataset":[168],"well-defined":[170],"stages":[171],"named":[172],"BeATT&CKed,":[173],"can":[175],"be":[176],"used":[177],"future":[179],"research.":[180]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-01-15T00:00:00"}